I’m not clear if it’s for all traffic, or just Safari?
And I can’t imagine Apple just built out some massive capacity of their own for this? Maybe underneath the hood they’re partnering with Cloudflare for WARP or something similar?
And I’m guessing it would go ‘around’ any local pi-hole installations?
But then again, I’m mostly just guessing and could be completely wrong.
I just came here straight after looking at the MacStories overview of the Fast Company interview.
It’s just Safari. The clever idea is that your request is essentially split in 2 so no one knows who sent the request, and Apple is working with unnamed third parties.
And another clever bit is it doesn’t let you change your country, so media companies won’t be too unhappy.
I’m very interested to see how this works with TLS interception, how it plays with DNS, how difficult it will be to detect and block, and how Safari will handle this being blocked.
And also I think they mostly leverage 3rd party networks, hence the splitting of the stream. Give someone half of an encrypted stream, and no matter what they won’t be able to reconstitute the request.
So Apple itself would need only very few access (or egress) points and they would be able to pull this off without any issues.
An oversimplification of the fact that the request is split = encrypt, IP removed from encrypted package, sent to 3rd party that adds artificial IP and forwards to destination.
There are multiple hops, but I don’t think it’s “split”. It still has to be routed. Apple has your IP, anonymizes it (think NAT), forwards it along to a third party to decrypt the payload/page request.
If you use a “normal” VPN then it simply shows up to your computer as a separate network interface and route. Servers will see either your IP address as the source, or (more commonly) a NATed one.